Beadmin
Enthusiast
Enthusiast

unable to open Vsphere web client

unable to open Vsphere web client, getting Certificate error - not trusted

"based on the current configuration the ssl certificate of the authentication server was not trusted"

I was following document ;

http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&e...

and stuck on point 29.

0 Kudos
4 Replies
hharold
Enthusiast
Enthusiast

Got into the same error, updating with custom certifate failed along the way.
I was able to revert to the VMware default certificates, but this error remains.

I suspect the STS certificate chain in the SSO configuration is invalid.
But without access to the web client,, I cannot check.


Any ideas?

Regards,

@hharold

0 Kudos
scerazy
Enthusiast
Enthusiast

Had to follow this:

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=207494...

but the commands are wrong & give error in step 4

Error Loading extension section v3_req
6864:error:2207507C:X509 V3 routines:v2i_GENERAL_NAME_ex:missing value:.\crypto\x509v3\v3_alt.c:433:
6864:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:.\crypto\x509v3\v3_conf.c:93:name=subjectAltName,

This edit made it work: (got it from here)

[ v3_req ]
subjectAltName = @alt_names


[alt_names]
email =
DNS.1 =
DNS.2 =
DNS.3 =
IP.1 =

Then I followed this: VMware KB: Configuring CA signed certificates for vCenter Server 5.5

New certificate is applied fine, but Web Client still throws error on login:

Based on the current configuration, the SSL certificate of the authentication server was not trusted.

What does it really mean? Who does not trust who?

Madness!

Seb

0 Kudos
scerazy
Enthusiast
Enthusiast

OK, after 3 hours of playing with:

http://kb.vmware.com/selfservice/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=2...

and

http://kb.vmware.com/selfservice/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=2...

which points to:

VMware KB: Configuring CA signed SSL certificates for vCenter Single Sign-On in vSphere 5.5

I just gave up completly, as it is pure madness. One can get lost in all the commands, with each executable being in different folder

I think that is getting to a point that it is just not manageable in any easy normal way. If it work, great, if it does NOT there is no way to fix it.

Restored VM backup from 2 days ago to get it working again

If I had more time to waste I could try toolking from:

http://www.derekseaman.com/2013/10/vsphere-5-5-install-pt-8-mint-certificates.htmlhttp://www.derekseaman.com/tag/sso-5-5

Seb

0 Kudos
scerazy
Enthusiast
Enthusiast

0 Kudos